NetDirector

Creating Virtual Hosts

Prerequisite

In this tutorial, we will create virtual hosts on an Apache Web-server. We presume:

a.  You have installed NetDirector. See tutorial NetDirector Installation.

b.  You have configured NetDirector. See tutorial NetDirector Configuration.

c.  You are ready to manage Apache. See tutorial NetDirector Apache Server.

Virtual Hosts

Normally, a host has one web-server and one website. This host is a real host. Virtual hosting refers to the capability of hosting more than one web-server on a single machine, each being accessible through a different server name. In reality there is only one web-server on the machine, though it appears that multiple web-servers exist. Virtual hosts make it possible to host more than one website on a single machine, with each website having its own DocumentRoot and server name. (Incidentally, in case you have forgotten, DocumentRoot is the top-most folder in the hierarchy of folders from which a web-server, on request, serves pages to clients (browsers). By default, it is /var/www/html/ in RedHat-based distributions.)

IP addresses are in short supply. Domain names and host names are not. The names that you coin are limited only by your imagination. Suppose you have three host names: remote.gov.in (domain: gov.in), xyz.shoes.com (domain: shoes.com) and dear.mypet.com (domain: mypet.com), but you have only two IP addresses: 192.168.1.2 and 192.168.1.5. On top of that, you have just one server machine. What do you do? Can you host two websites on one IP address, say 192.168.1.2, for the domains gov.in (URL: http://remote.gov.in) and shoes.com (URL: http://xyz.shoes.com)? And can you host on the same machine another website with IP address 192.168.1.5 for the domain mypet.com (URL: http://dear.mypet.com)? The answer to all of these is 'yes'. It is possible to host more than one website on a machine, and these are called virtual web-hosts.

Virtual web-hosts are of three types: name-based, address-based and port-based. Name-based virtual hosts have the same IP address but different names. Corresponding to each name there is one DocumentRoot where (or below which) files relating to that website are placed. In address-based virtual hosts, there is one DocumentRoot corresponding to each IP address. In a port-based virtual host, the IP address and name are the same, but the web-server listens at a different port (not the well-known port 80) and serves content from a different DocumentRoot.

While name-based virtual hosts are the preferred method of creating virtual hosts, it is not possible to have an SSL/TLS connection working for them. The reason is that the SSL/TLS session is a wrapper around the HTTP session: the SSL session is set up first, and only then does the HTTP session begin. On finding a URL beginning with https://, the browser sends a request for an SSL/TLS connection to the web-server. The server, without looking at the rest of the URL that contains the virtual host particulars, sends the SSL certificate based only on the IP address and the port to which the request was made. An Apache module, mod_gnutls, permits SSL/TLS implementation for name-based virtual hosts. Read more about it at http://www.outoforder.cc/projects/apache/mod_gnutls/.

Our model

We will demonstrate the creation of virtual web-hosts as per the scheme in the table below.

Machine: 1; Network card: 1

Logical device   IP address    Web-server address      DocumentRoot
eth0             192.168.1.2   http://remote.gov.in    /var/www/html (default)
eth0             192.168.1.2   http://xyz.shoes.com    /var/abc
eth0:1           192.168.1.5   http://dear.mypet.com   /var/pet

Table 1: Sample configuration for creating virtual web-servers

We assume that DNS has been configured so that the addresses remote.gov.in and xyz.shoes.com resolve to 192.168.1.2 and dear.mypet.com resolves to 192.168.1.5.

Make requisite folders for respective DocumentRoots

# mkdir /var/abc
# mkdir /var/pet

Change folder owner and group to apache

# chown apache:apache /var/abc
# chown apache:apache /var/pet

Change folder permissions so that apache can read/write/execute but others only read/execute

# chmod 0755 /var/abc
# chmod 0755 /var/pet

Change security context of these folders as per SELinux policy

# chcon -R -t httpd_sys_content_t /var/abc
# chcon -R -t httpd_sys_content_t /var/pet

Let SELinux be in enforcing mode, if not already so

# setenforce 1

Creating virtual hosts

Name-based Virtual hosts

For the server to be configured, reach Fig. 1. Click Start Service to start the Apache server if it is not already running. Click on the link Check Config File to check that no one has changed the configuration file outside NetDirector. If someone ever did that, you will be informed.

Fig. 1: Apache configuration page. Click on Edit Config Files

Click on Edit Config Files link in Fig. 1. In this file look for the directive ServerName. Against it write ‘remote.gov.in:80’ and Save the file (Fig. 2). ServerName gives the name and port that the server uses to identify itself. The web-server can often determine it automatically, but it is recommended to specify it to prevent problems during startup.

Fig. 2: Configuration file. Write ServerName

Click on Networking and Addresses in Fig. 1 to open the Networking and Addresses page (Fig. 3). Here, against Addresses for name virtual servers, write down the IP address 192.168.1.2. Click the Save and then the Close buttons.

Fig. 3: Specify the IP address for name based virtual servers

You are back at Fig. 1. An additional button, Apply Changes, now appears. Click it to propagate the changes you have made to the Apache server. This change writes the following directive in the Apache configuration file (/etc/httpd/conf/httpd.conf):

NameVirtualHost 192.168.1.2

The NameVirtualHost directive tells Apache at which IP address requests for name-based virtual hosts will be accepted. The IP address(es) specified for this directive must be consistent with the values used against the Listen on addresses and ports field in Fig. 3. The default value is 'All', which is OK.

In Fig. 1, click Virtual Servers to open Virtual Servers page as in Fig. 4. As yet there is no virtual server so this page is blank. Before you create any virtual host, a virtual host must be created for the existing web-host.

Fig. 4: Click Create Virtual Server to begin creating virtual server

Click on Create Virtual Server button in Fig. 4. Write the IP address of virtual host, its DocumentRoot and Server Name. The ServerName and DocumentRoot should be the same as the global ServerName and DocumentRoot. Click Create and then Close buttons (Fig. 5).

Fig. 5: Creating virtual host for existing web-host

A virtual host is created and listed on Virtual Servers page as in Fig. 6.

Fig. 6: One virtual host created

In the same manner create another name-based virtual host for xyz.shoes.com (Fig. 7).

Fig. 7: Virtual host for xyz.shoes.com

Creation of these two virtual hosts inserts two <VirtualHost> blocks, one for each host, in the configuration file. Each block contains two directives: DocumentRoot and ServerName.

NameVirtualHost 192.168.1.2

<VirtualHost 192.168.1.2>
    DocumentRoot /var/www/html
    ServerName remote.gov.in
</VirtualHost>

<VirtualHost 192.168.1.2>
    DocumentRoot /var/abc
    ServerName xyz.shoes.com
</VirtualHost>

You can examine these lines by clicking on the Edit Config Files link in Fig. 1. Note that the existing web-host should be the first virtual host in the configuration file. Listing it first makes it the default host: if you just type the URL http://192.168.1.2/ in your browser, pages will be served from the first listed virtual host.
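The default-host rule can be checked with a small model of the lookup. The script below is an added example, not part of the original tutorial or of NetDirector; sample_conf, resolve_vhost and the host name typo.shoes.com are hypothetical, and matching is simplified to an exact ServerName comparison.

```shell
#!/bin/sh
# Constructed input: the directives written for the two name-based hosts.
sample_conf() {
cat <<'EOF'
NameVirtualHost 192.168.1.2
<VirtualHost 192.168.1.2>
DocumentRoot /var/www/html
ServerName remote.gov.in
</VirtualHost>
<VirtualHost 192.168.1.2>
DocumentRoot /var/abc
ServerName xyz.shoes.com
</VirtualHost>
EOF
}

# resolve_vhost IP HOST  (httpd.conf text on stdin)
# Prints the DocumentRoot picked for a request that reaches IP carrying the
# given Host header. Simplified model (assumption): exact ServerName match
# only; ServerAlias, wildcards and per-port blocks are ignored.
resolve_vhost() {
    awk -v ip="$1" -v host="$2" '
        BEGIN { host = tolower(host); sub(/:[0-9]+$/, "", host) }
        /^[ \t]*<VirtualHost[ \t]/ {
            addr = $2; sub(/>$/, "", addr); sub(/:[0-9]+$/, "", addr)
            inblock = (addr == ip); root = ""; name = ""
            next
        }
        inblock && tolower($1) == "documentroot" { root = $2 }
        inblock && tolower($1) == "servername" {
            name = tolower($2); sub(/:[0-9]+$/, "", name)
        }
        /^[ \t]*<\/VirtualHost>/ {
            if (inblock && !seen) { fallback = root; seen = 1 }  # first listed block
            if (inblock && name == host && !hit) { chosen = root; hit = 1 }
            inblock = 0
        }
        END { if (hit) print chosen; else print fallback }
    '
}

# A known name, an unknown name, and a bare IP address in the Host header.
for h in xyz.shoes.com typo.shoes.com 192.168.1.2; do
    printf '%-16s -> %s\n' "$h" "$(sample_conf | resolve_vhost 192.168.1.2 "$h")"
done
```

Any name that matches no ServerName lands in the first listed block, so that block should be one whose content you are content to serve for unexpected host names.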

Fig. 8: Click on a virtual host to begin further configuring it

You can now further fine-tune the configuration settings of each virtual host. The directives in the Global Configuration section set up the default values for many parameters. These values also provide defaults for each <VirtualHost> block. Directives can, however, be specified within each <VirtualHost> block, and these will override the default (global) values for that virtual host.

To fine-tune, click on any one virtual host in Fig. 8. The Virtual Server Setting page opens, as in Fig. 9. Here, for example, you can click on Directory Indexing and customize the way a directory will be viewed on the web. For example, you can configure here which default page (directory index files: "index.html", "default.htm", etc.) will be served when no page is specified in the URL.

Fig. 9: Configuring virtual host xyz.shoes.com

Log Files

For each virtual host, a different set of log files may be kept. They help to quickly diagnose problems. Among the set, one log file may record any error generated in serving pages and the other log file may record who accessed the page and when. To do so, in Fig. 10, click on the icon Log Files to open Virtual Server Log Files page as at Fig. 11.

Fig. 10: Virtual server details. Click on Log files to specify log files for the virtual server

Write the path and the name of the two log files. The files need not exist; they will be created. The error log level may be set to warn. Save the page. Stop and restart Apache. Now if you start the browser and type the address http://xyz.shoes.com in the address window, the index.html file that is placed in the folder /var/abc will appear in the browser window. Use gedit to open the file /var/log/xyzlogAccess; it will have recorded who accessed the site and when. As a security measure, do not keep log files in DocumentRoot or below that folder.

Fig. 11: Virtual Server Log Files for xyz.shoes.com

The <VirtualHost> block for xyz.shoes.com will be amended in the configuration file as follows. The directives related to log files will now be there.

<VirtualHost 192.168.1.2>
    DocumentRoot /var/abc
    ServerName xyz.shoes.com
    ErrorLog /var/log/xyz.log
    TransferLog /var/log/xyzlogAccess
    LogLevel warn
</VirtualHost>
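One way to audit the rule about keeping log files out of DocumentRoot. This is an added example, not the tutorial's or NetDirector's own code; sample_conf_logs, logs_in_docroot and the host bad.example.test are hypothetical.

```shell
#!/bin/sh
# Constructed input: the xyz.shoes.com block from above, plus a hypothetical
# host (bad.example.test) that logs inside its own DocumentRoot.
sample_conf_logs() {
cat <<'EOF'
<VirtualHost 192.168.1.2>
DocumentRoot /var/abc
ServerName xyz.shoes.com
ErrorLog /var/log/xyz.log
TransferLog /var/log/xyzlogAccess
LogLevel warn
</VirtualHost>
<VirtualHost 192.168.1.2>
DocumentRoot "/var/bad/"
ServerName bad.example.test
ErrorLog /var/bad/logs/error.log
TransferLog /var/bad-logs/access
</VirtualHost>
EOF
}

# logs_in_docroot  (httpd.conf text on stdin)
# Prints "ServerName Directive path" for each log that sits in the block's
# DocumentRoot or below it. Only absolute paths are judged; relative paths
# (resolved against ServerRoot) and piped logs are not handled here.
logs_in_docroot() {
    awk '
        function unq(s) { gsub(/"/, "", s); return s }
        /^[ \t]*<VirtualHost[ \t]/ {
            inblock = 1; root = ""; has = 0; name = "?"; n = 0; next
        }
        !inblock { next }
        { key = tolower($1) }
        key == "documentroot" { root = unq($2); sub(/\/+$/, "", root); has = 1 }
        key == "servername"   { name = $2 }
        key == "errorlog" || key == "transferlog" || key == "customlog" {
            n++; what[n] = $1; path[n] = unq($2)
        }
        /^[ \t]*<\/VirtualHost>/ {
            # Compare against root plus "/" so that /var/bad-logs is not
            # taken for a child of /var/bad.
            for (i = 1; i <= n; i++)
                if (has && (path[i] == root || index(path[i], root "/") == 1))
                    print name, what[i], path[i]
            inblock = 0
        }
    '
}

sample_conf_logs | logs_in_docroot
```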

IP-based virtual host

For IP-based virtual hosts, multiple IP addresses must be available. If just a single physical network interface is available, multiple virtual interfaces (e.g. eth0:1) can be created. The process of creating an address-based virtual host is just the same. Uncheck the check box Add name virtual server address (if needed) in the form Create a New Virtual Server (Fig. 12). There will, of course, be a different document root (here, /var/pet). After the virtual server is created, you may further configure it as before. Stop and restart Apache. Access the server as http://dear.mypet.com. The index file placed in the folder /var/pet/ will appear in the browser.

Fig. 12: Creating address based virtual host

In the configuration file another <VirtualHost> block will appear as follows:

<VirtualHost 192.168.1.5:80>
    DocumentRoot /var/pet
    ServerName dear.pet.com
</VirtualHost>

Checking syntax problems

You can directly create blocks and write directives in the /etc/httpd/conf/httpd.conf file through the Edit Config Files link in Fig. 1. If you do so, syntax-related problems can be checked with the 'httpd -S' command as:

# httpd -S
[Wed Aug 13 13:22:45 2008] [crit] (17)File exists: Failed to create shared memory segment for backend 'XXGLOBAL'
VirtualHost configuration:
192.168.1.2:80 is a NameVirtualHost
default server remote.gov.in (/etc/httpd/conf/httpd.conf:992)
port 80 namevhost remote.gov.in (/etc/httpd/conf/httpd.conf:992)
port 80 namevhost xyz.shoes.com (/etc/httpd/conf/httpd.conf:996)
192.168.1.5:80 dear.pet.com (/etc/httpd/conf/httpd.conf:1004)
wildcard NameVirtualHosts and _default_ servers:
_default_:443 remote.gov.in (/etc/httpd/conf.d/ssl.conf:81)
Syntax OK
[root@remote var]#
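The listing can also be compared with the names you meant to serve. This added example, not part of the original tutorial, embeds the output above and prints the names from Table 1 that no virtual host declares; httpd_S_sample and missing_hosts are hypothetical helpers. On this listing it prints dear.mypet.com, because the IP-based block declares dear.pet.com.

```shell
#!/bin/sh
# The VirtualHost listing printed by httpd -S above, embedded so this runs offline.
httpd_S_sample() {
cat <<'EOF'
VirtualHost configuration:
192.168.1.2:80 is a NameVirtualHost
default server remote.gov.in (/etc/httpd/conf/httpd.conf:992)
port 80 namevhost remote.gov.in (/etc/httpd/conf/httpd.conf:992)
port 80 namevhost xyz.shoes.com (/etc/httpd/conf/httpd.conf:996)
192.168.1.5:80 dear.pet.com (/etc/httpd/conf/httpd.conf:1004)
wildcard NameVirtualHosts and _default_ servers:
_default_:443 remote.gov.in (/etc/httpd/conf.d/ssl.conf:81)
Syntax OK
EOF
}

# missing_hosts NAME...  (httpd -S output on stdin)
# Prints every expected NAME that no vhost line declares. A vhost line ends
# in "(file:line)" and the server name is the field just before it.
missing_hosts() {
    awk -v want="$*" '
        NF >= 2 && $NF ~ /^\(.*:[0-9]+\)$/ { seen[tolower($(NF-1))] = 1 }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++)
                if (!(tolower(w[i]) in seen)) print w[i]
        }
    '
}

# Expected names are the three hosts from Table 1.
httpd_S_sample | missing_hosts remote.gov.in xyz.shoes.com dear.mypet.com
```

On a live server, pipe `httpd -S 2>&1` into missing_hosts in place of the embedded sample.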
